Don’t be the next Travelex!

Iain Westwood

As a business starts its journey towards the cloud, its security focus will often shift outwards towards the Internet. Moving data from inside the traditional network perimeter to the cloud raises a whole new set of cybersecurity considerations, and questions such as “How can we protect our cloud environment from a breach and our data from theft?” become more relevant than ever.

Fortunately, there are tools available to help with these concerns. Examples include Cloud Access Security Broker (CASB) software such as Netskope for Data Loss Prevention, Dome9 for securing AWS and other cloud environments, and other tools such as Web Application Firewalls (WAF).

Security in the cloud must be taken seriously, but it is equally important to ensure the existing corporate infrastructure remains secure as well.

One of the more high-profile cases in the last few months is the data breach at Travelex, where circumstantial evidence suggests hackers were able to exploit a vulnerability in unpatched Pulse VPN servers, granting them access to the internal network and the information therein.

So, what can you do to help protect your network and infrastructure?

1. Subscribe to vendor security notifications and patch frequently

Ensure that your hardware firmware, operating systems, and applications are always patched against security threats when patches are released by a vendor. A recent flaw in the Citrix Application Delivery Controller and Gateway (CVE-2019-19781) put over 80,000 companies in over 150 countries at risk of a breach.

2. Monitor firewalls and Intrusion Prevention Systems and deploy in depth

Many companies define their firewall and IPS policies when the appliances are first installed and then never monitor the logs or review the systems until a change is required or something goes wrong. Sending firewall and IPS logs to a SIEM (Security Information and Event Management) platform such as Sumo Logic can help monitor and visualize what is happening within the network and alert when defined conditions are met. When deploying firewalls and IPS appliances, don’t just leave them at the perimeter. Employing firewalls inside the network allows internal network segments to be secured and monitored, granting more visibility and monitoring capability.
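To make "alert when defined conditions are met" concrete, here is an added example (not from the original article or any vendor's product) of one such condition applied to internal firewall logs: a host denied on several distinct targets in another internal segment within a short window. The log format, segment ranges, thresholds and function names are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed internal segments (assumption): substitute your own addressing plan.
SEGMENTS = {"users": ip_network("10.10.0.0/16"), "servers": ip_network("10.20.0.0/16")}

# Constructed log format (assumption): "<ISO time> <ACTION> src=<ip> dst=<ip> dport=<port>"
LINE = re.compile(r"(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")

SAMPLE_LOG = """\
2020-02-03T09:00:01 ALLOW src=10.10.4.7 dst=10.20.1.5 dport=443
2020-02-03T09:00:02 DENY src=10.10.9.23 dst=10.20.1.5 dport=22
2020-02-03T09:00:03 DENY src=10.10.9.23 dst=10.20.1.5 dport=3389
2020-02-03T09:00:04 DENY src=203.0.113.8 dst=10.20.1.5 dport=22
2020-02-03T09:00:05 DENY src=10.10.9.23 dst=10.20.1.6 dport=445
2020-02-03T09:00:09 DENY src=10.10.4.7 dst=10.20.1.9 dport=1433
truncated line without fields
2020-02-03T09:00:11 DENY src=10.10.9.23 dst=10.20.1.7 dport=445
"""

def segment_of(ip):
    """Name of the internal segment containing ip, or None if external or unparsable."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return None
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def lateral_scan_alerts(log_text, threshold=4, window=timedelta(seconds=60)):
    """Sources denied on >= threshold distinct (dst, port) targets in another
    internal segment within `window`: the kind of condition a SIEM rule encodes."""
    recent = defaultdict(list)  # src -> [(time, (dst, port)), ...] still inside the window
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # malformed or truncated line
        ts, action, src, dst, dport = m.groups()
        src_seg, dst_seg = segment_of(src), segment_of(dst)
        if action != "DENY" or None in (src_seg, dst_seg) or src_seg == dst_seg:
            continue  # only cross-segment internal denies are of interest here
        now = datetime.fromisoformat(ts)
        recent[src] = [(t, tgt) for t, tgt in recent[src] if now - t <= window]
        recent[src].append((now, (dst, int(dport))))
        if len({tgt for _, tgt in recent[src]}) >= threshold and src not in alerts:
            alerts.append(src)
    return alerts
```

A perimeter-only firewall would never log the denies from 10.10.9.23 in the sample, because both ends of those connections are internal.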

3. Update Passwords frequently and use Two-Factor Authentication (2FA) where possible

Setting a realistic password update policy can help boost security. Asking a user to remember a 20-character password will likely result in post-it notes stuck to the monitor with the password written down, so choosing a reasonable password length, ensuring the password is changed frequently and integrating 2FA will all help to keep the environment secure.

4. Check and keep anti-virus software up to date

Preventing a virus from detonating is crucial, so making sure your anti-virus product has the latest signatures is a must. Most products can be configured to check for updates from the Internet or a central console automatically. Moving to “next-generation” anti-virus products such as CrowdStrike Falcon, where machine intelligence and cloud learning are used to stop unknown threats before they occur, should also be a consideration.

5. Employee Education

Possibly the most important element of any security plan is educating employees in security awareness and communicating its importance. All the tools, patching and monitoring are useless if employees try to circumvent them by using anonymizing proxy servers or shadow-IT services.

activereach specialises in helping companies to understand what they need to keep networks secure and combat threats. Give us a call on 0845 625 9025 or contact us to find out more.